procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Name | Vendor | Start Version | End Version |
---|---|---|---|
Procps-ng | Procps-ng_project | * | 3.3.15 (excluding) |
Red Hat Enterprise Linux 6 | RedHat | procps-0:3.2.8-45.el6_9.3 | * |
Red Hat Enterprise Linux 6.6 Advanced Update Support | RedHat | procps-0:3.2.8-30.el6_6.1 | * |
Red Hat Enterprise Linux 6.6 Telco Extended Update Support | RedHat | procps-0:3.2.8-30.el6_6.1 | * |
Red Hat Enterprise Linux 6.7 Extended Update Support | RedHat | procps-0:3.2.8-35.el6_7.1 | * |
Red Hat Enterprise Linux 7 | RedHat | procps-ng-0:3.3.10-17.el7_5.2 | * |
Red Hat Enterprise Linux 7.3 Advanced Update Support | RedHat | procps-ng-0:3.3.10-10.el7_3.1 | * |
Red Hat Enterprise Linux 7.3 Telco Extended Update Support | RedHat | procps-ng-0:3.3.10-10.el7_3.1 | * |
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions | RedHat | procps-ng-0:3.3.10-10.el7_3.1 | * |
Red Hat Enterprise Linux 7.4 Extended Update Support | RedHat | procps-ng-0:3.3.10-16.el7_4.1 | * |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | imgbased-0:1.0.17-0.1.el7ev | * |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | redhat-release-virtualization-host-0:4.2-3.1.el7 | * |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | redhat-virtualization-host-0:4.2-20180531.0 | * |
Procps | Ubuntu | artful | * |
Procps | Ubuntu | bionic | * |
Procps | Ubuntu | devel | * |
Procps | Ubuntu | trusty | * |
Procps | Ubuntu | upstream | * |
Procps | Ubuntu | xenial | * |